Search Results

Search found 18954 results on 759 pages for 'connection reset'.

Page 634/759 | < Previous Page | 630 631 632 633 634 635 636 637 638 639 640 641  | Next Page >

• Shorewall log question.

  - by Shikoru

  I have been getting various attempts to connect to ports on my shorewall firewall. The ports that I keep seeing connection attempts at are tcp 44444, tcp 44446, udp 55555 and every now and then some slight variation. I ran "netstat -a" and did not see anything listening on those ports. Is this something that I should be worried about or is it just some rouge computers out there? I have noticed alot of the ip addresses are from Spain and Mexico. May 25 18:39:35 Takkun kernel: [62516.626514] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=200.124.9.113 DST=72.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=51796 DF PROTO=TCP SPT=2071 DPT=44446 WINDOW=16384 RES=0x00 SYN URGP=0 May 25 18:39:52 Takkun kernel: [62535.433285] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=72.50.95.174 DST=72.xxx.xxx.xxx LEN=90 TOS=0x00 PREC=0x00 TTL=105 ID=31130 PROTO=UDP SPT=59505 DPT=55555 LEN=70 May 25 18:40:05 Takkun kernel: [62548.963413] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=77.12.37.1 DST=72.xxx.xxx.xxx LEN=90 TOS=0x00 PREC=0x00 TTL=108 ID=9585 PROTO=UDP SPT=20401 DPT=55555 LEN=70 That is the jist of what im seeing.

  Read the article

• Assistance on setup to Connect an offsite server to the LAN via RRAS VPN - Server 2008 R2

  - by Paul D'Ambra

  I have an office LAN protected using a Zyxel Zywall USG 300. I've set up an L2TP/ipsec VPN on that which accepts connections using a shared secret and I've tested this from multiple clients. I have a server offsite and want to set up RRAS to use a persistent connection to the VPN so that it can carry out network jobs even with no one logged in (I'm using it for Micorosft DPM secondary backup). If I create a vpn as if I were setting up a users laptop it can dial in no problem but if I set up a demand dial interface in RRAS it errors. I enable RRAS ticking only demand dial interface (branch office routing) Select network interfaces, right click and choose new demand dial interface Name the VPN ToCompany Select connect using VPN And then L2TP as the vpn type enter the IP address (double-checked for typos!) select Route IP packets on this interface specify static route to remote network as 10.0.0.0/24 with metric of 1 add dial out credentials (again double checked for typos and confirmed with other vpn connections click finish now I right-click on the new interface and choose properties and then the security tab I change Data encryption to optional select only PAP for Authentication (both as per manufacturer of Zywall) click advanced settings against type of vpn and set shared secret then I select the new interface, right-click and choose connect this dials and then errors with either 720 or 811 as the error codes. However, if I create a VPN by going to Network & Sharing center and setting up as if I was creating a VPN from my laptop to the office (say) it dials successfully so I know the VPN settings are correct and the machine can connect to the VPN. Suggests very strongly the problem is how I'm setting up RRAS. Can anyone help?

  Read the article

• NRPE: Unable to read output with check_connections plugin

  - by Wlodzimierz

  I'm using plugin which gives me warning or crtis with established connections. If I run it on local machine it gives: *root@graber:/usr/lib/nagios/plugins# ./check_connections -w 1 -c 5 -C sshd CRITICAL Established connections: 6* I know, I run as root. But: Rights to the file: root@graber:/usr/lib/nagios/plugins# ls -all check_connections -rwxr-xr-x 1 nagios nagios 5459 2012-07-06 10:19 check_connections /etc/sudoers: root@graber:/usr/lib/nagios/plugins# cat /etc/sudoers Defaults env_reset root ALL=(ALL:ALL) ALL %admin ALL=(ALL) ALL nagios ALL=(ALL) NOPASSWD: /usr/bin/lsof nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ /etc/nagios/nrpe.cfg: *nrpe_user=nagios nrpe_group=nagios* *dont_blame_nrpe=1* *command_prefix=/usr/bin/sudo command[check_connections]=/usr/lib/nagios/plugins/check_connections -w 1 -c 5 -C sshd* log from remote: *2012-07-06T11:12:49+02:00 graber nrpe[25928]: Handling the connection... 2012-07-06T11:12:49+02:00 graber nrpe[25928]: Host address is in allowed_hosts 2012-07-06T11:12:49+02:00 graber nrpe[25928]: Host is asking for command 'check_connections' to be run... 2012-07-06T11:12:49+02:00 graber nrpe[25928]: Running command: /usr/lib/nagios/plugins/check_connections -w 1 -c 5 -C sshd 2012-07-06T11:19:11+02:00 graber nrpe[26100]: Return Code: 2, Output: NRPE: Unable to read output* Why is this happening? I'm out of ideas, I've searched google for 2 days now :)

  Read the article

• Can any postfix guru assist me determine how emails are still being sent via my server from unauthorized sources?

  - by Dave

  Hi all, I'm getting a little concerned as I run a small server hosting a number of websites and manage the email for a few dozen people. Just recently though I've had a couple of notifications from spamcop alerting me that spam has been sent from my server, and when I have a look over the logs from time to time I can indeed see that there are many repeated attempts of mail being sent from my server. Most of the time it gets knocked back from the destination servers but sometimes its getting through. Unfortunately I'm not linux or postfix expert, I can get by but had though I had my machine locked down quite securely, I don't allow relaying, when I check the online DNS/MX tools they tend to report my server as being OK so I'm not sure where to take it now and hoping someone might be able to throw me a few pointers. I get lots of entries like this in my MAIL.INFO log Jan 2 08:39:34 Debian-50-lenny-64-LAMP postfix/qmgr[15993]: 66B88257C12F: from=<>, size=3116, nrcpt=1 (queue active) Jan 2 08:39:34 Debian-50-lenny-64-LAMP postfix/qmgr[15993]: 614C2257C1BC: from=<[email protected]>, size=2490, nrcpt=3 (queue active) and Jan 7 16:09:37 Debian-50-lenny-64-LAMP postfix/error[6471]: 0A316257C204: to=<[email protected]>, relay=none, delay=384387, delays=384384/3/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.fakemx.net[46.4.35.23] refused to talk to me: 421 mx.fakemx.net Service Unavailable) Jan 7 16:09:37 Debian-50-lenny-64-LAMP postfix/error[6470]: 5848C257C20D: to=<[email protected]>, relay=none, delay=384373, delays=384370/3/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.fakemx.net[46.4.35.23] refused to talk to me: 421 mx.fakemx.net Service Unavailable) then there tends to be connection timeouts, so from what I see even though I had relaying disabled.. something is getting by and trying to send.. So if you can help that will be greatly appreciated, and any further logging/config info I can supply. Thanks

  Read the article

• Intermittent lockups, unable to diagnose in over a year

  - by Magsol

  Here's a real doosie; I may just give my firstborn child to whomever helps me solve this problem. In July 2008, I assembled what would be my desktop computer for graduate school. Here are the specs of the machine I built: Thermaltake 750W PSU Corsair Dominator 2x2GB 240-pin SDRAM Thermaltake Tower Asus P5K Deluxe Motherboard Intel Core 2 Quad Q9300 2.5GHz CPU 2 x GeForce 8600 GT WD Caviar Blue 640GB hard drive CD burner DVD burner Soon thereafter, I ordered a new motherboard (because I was an idiot; that first motherboard supported CrossFire, not SLI), an Asus P5N-D. I was originally running Windows XP SP3. Pretty much right into the start of the fall semester, my desktop would simply lock up after awhile. If my system was largely idling, it would be after 1-3 days. If was gaming, it often happened an hour or two into my gaming session, indicating a link to activity level. Here's where it started getting interesting. I started looking at the system temps. The CPU was warmer than it should have been (~60s C), so I purchased some more efficient cooling compound a way better cooler for it. Now it hardly goes over 40 C. Intel was even kind enough to swap it out for free, just to rule it out. Lockups continued. The graphics cards were also running pretty warm: about 60 C idling. Removing one of them seemed to improve stability a little bit...as in, it wouldn't lock up quite as frequently, but still always eventually locked up. But it didn't matter which card I used or removed, the lockups continued. I reverted back to the original motherboard, the P5K Deluxe. Lockups continued. I purchased an entirely new motherboard, eVGA's nForce 750i. Lockups continued. Ran memtest86+ over and over and over, with no errors. Even RMA'd the memory. Lockups continued. Replaced the PSU with a Corsair 750W PSU. Lockups continued. Tried disconnecting all IDE drives (HDDs are SATA). Lockups continued. Replaced both graphics cards with a single Radeon HD 4980. Average temps are now always around 50 C when idling, 60 C only when gaming. Lockups continued. Throughout the whole ordeal, the system has been upgraded from Windows XP SP3 to Vista 32-bit, to Vista 64-bit, and is now at Windows 7 64-bit. Lockups have occurred at every step along the way (each OS was in place for at least a few months before the next upgrade). Edit: By "upgrade" I mean clean install each time. In addition to those reformats, I have performed many, many other reformats of the system and a reinstall of whatever OS had been previously installed in an attempt to rectify this problem, to no avail./Edit When the system locks up, there's no blue screen, no reboot, no error message of any kind. It simply freezes in place until I hit the reset button. Very, very rarely, once Windows boots back up, the system informs me that Windows has recovered from an error, but it can never find the source aside from some piece of hardware. I've swapped out every component in this computer, and there are more fans in it than I care to count...though for the sake of completeness: top 80mm case fan (out) rear 80mm case fan (out) rear 120mm case fan (out) front 120mm case fan (in) side 250mm case fan (in) giant CPU fan on-board motherboard fan (the eVGA board) triple-fan memory setup (came with the memory) PSU internal fan another 120mm fan I stuck on the underside of the video card to keep hot air from collecting at the bottom of the case I'm truly out of ideas. ANY help at all would be oh-so-very GREATLY appreciated. Thank you!

  Read the article

• Not able to run firefox in a head-less Ubuntu server 9.10

  - by Julio J.

  I need to run Firefox in my server in order to execute some Selenium tests from Hudson. I would love no to have to install a complete gui. So I installed Xvfb in order to fake the Gui (I understand it this way correct me if my assumptions are wrong). After some time trying to make it work, I'm stuck with the next situation: $ sudo Xvfb -ac :99 & [dix] Could not init font path element /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType, removing from list! (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) $ firefox [dix] Could not init font path element /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType, removing from list! [config/dbus] couldn't register object path (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) (EE) config/hal: NewInputDeviceRequest failed (2) Xlib: extension "RANDR" missing on display ":99.0". GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Failed to get connection to session: /bin/dbus-launch terminated abnormally without any error message) I'm runnig firefox without installing it from the repositories. And I'm getting a socket timeout when I try to run the selenium tests, so I guess the problem is in Firefox and Xvfb. I have installed already the nex package: i gconf-defaults-service - GNOME configuration database system (system defaults service) That in some forums suggest to be a fix, that in my case doesn't work. Any explanation about the problem and ways of solving it without installing a full gui, will be very helpful.

  Read the article

• can't connect to vsftpd from outside network

  - by rick

  i know this has been asked many times before, but nothing seems to resolve my issue. i have vsftpd running on ubuntu 10.04. i can connect with ftp localhost on the machine. i can connect from another machine in my network. i just cannot connect from outside. the machine is behind an airport extreme managed by airport utility on a mac. 21 is open as per nmap: macmini:~$ nmap localhost Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 23:49 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.00045s latency). Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1 rDNS record for 127.0.0.1: localhost.localdomain Not shown: 997 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 631/tcp open ipp netstat says 21 is listening: macmini:~$ netstat -lep --tcp | grep ftp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 *:ftp *:* LISTEN iptables: macmini:~$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination when i try to connect from my external IP (or a dyndns name which resolves there) it times out. ("control connection timed out") as i know very little about networking, i feel like something may jump out as clearly wrong?

  Read the article

• Is there an SSL equivelent to an ssh agent?

  - by Matthew J Morrison

  Here is my situation: There are a number of developers who all need to have access to be able to install ruby gems and python eggs from a remote source. Currently, we have a server inside our firewall that hosts the gems and eggs. We now want the ability to be able to install things hosted on that server outside of our firewall. Since some of the gems and eggs that we host are proprietary I would like to somewhat lock access to that machine down, as unobtrusively as possible to the developers. My first thought was using something like ssh keys. So, I spent some time looking at SSL mutual authentication. I was able to get everything set up and working correctly, testing with curl, but the unfortunate thing was that I had to pass extra arguments to curl so it knows about the certificate, key and certificate authority. I was wondering if there is anything like the ssh agent that I can set up to provide that information automatically so that I can push the certificates and keys to the developer's machines so the developers don't have to log in or provide keys each time they try to install something. Another thing that I want to avoid is having to modify the 'gem' command and the 'pip' command to provide keys when they make the http connection. Any other suggestions that may solve this problem (not related to ssl mutual auth) are also welcome. EDIT: I've been continuing to research this and I came across stunnel. I think this may be what I'm looking for, any feedback regarding stunnel would also be great!

  Read the article

• DNS Problems with .pt configuration

  - by Tony S.

  Hello everyone! I have a hosting service with aplus.net, however I had a need to register a .pt domain, but aplus doesnt have this service, so I contacted a .pt registar, called hostingbug.net, to do this. So now I'm owner of a .pt domain, lets say, example.pt. I gave hostingbug the aplus nameservers needed for propagation. And here began the problems. When hostingbug tried to configure, the following error was displayed: <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @64.29.151.221 click.pt. NS +norecurse (1 server found) global options: printcmd connection timed out no servers could be reached And they told me that aplus.net needed to create a new dns zone for .pt domains. So I contacted aplus.net, and they didnt understand this issue, and told me that everything was fine with their servers, and sent me back to hostingbug. So I'm felling like a ping pong ball right now... How can I configure this "new dns zone" for .pt domains? Anyone have clue of how to do this so I can tell them? Or should I cancel aplus services? Thanks in advance

  Read the article

• Msg 10054, Level 20, State 0, Line 0 Error when altering a stored procedure to add a couple of curso

  - by doug_w

  We have a home-rolled backup stored procedure that uses xp_cmdshell to create and clean up database backups. We have an instance that is 2005 sp3 that we are trying to deploy this script to. I am at a bit of a loss for why it is not working. When I execute the create it runs for about 30 seconds and yields the following error: Msg 10054, Level 20, State 0, Line 0 A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) In my tinkering I discovered that by removing the cursors that actually do the work it will allow me to create the stored procedure (not very helpful for me though). If I add the cursors back in using an alter the error returns. I would be curious if someone has experienced this problem and knows of a solution or work around. I am not opposed to posting the source, it is just lengthy. Things I have checked: Error Logs No dump files in the log directory Thanks in advance for the help.

  Read the article

• Haproxy and CNAME

  - by user123354

  I want to create a simple load balancer for the two servers. The problem is with CNAME records, I think. Let's say I have two the same applications on AppFog.com. app1.aws.af.cm and app2.aws.af.cm Here is my haproxy.cfg file: global maxconn 2000 daemon defaults mode http clitimeout 60000 srvtimeout 30000 contimeout 4000 option httpclose listen http_proxy bind [myip]:80 mode http stats enable stats auth user:passwd stats uri /stats balance source option httpchk option forwardfor server host01 app1.aws.af.cm:80 maxconn 300 check server host02 app2.aws.af.cm:80 maxconn 300 check But this only resolving IP for domain app1.aws.af.cm and app2.aws.af.cm, which obviously doesn't work if I open this IP in web browser. The problem is that AppFog doesn't have public IP for application (same as OpenShift). How to do that Haproxy to perform a proper connection between Load Balancer and this two servers? Example: This is real app - http://freechat.eu01.aws.af.cm Haproxy only resolves IP for this domain which is 46.51.204.8:80 Of course this IP will not show my application, only an error page. Sorry for my poor English.

  Read the article

• maximum number of connections Squid

  - by Isaac

  I have a Squid proxy server that controls all internet traffic for my network. I need a way to stop users from downloading big files (say 50MB) in my network. I banned some famous ports (e.g. torrent) but some downloads are possible by HTTP port. Obviously I cannot ban port 80! A simple solution is limiting maxmimum number of the simultaneous connections for each IP (e.g. 3 connections). It's possible in Squid with this config: acl ACCOUNTSDEPT 192.168.5.0/24 acl limitusercon maxconn 3 http_access deny ACCOUNTSDEPT limitusercon But this solution has really bad impact in web browsing, because any smart browser get different parts of a website by several connections simultaneously to speedup web browsing. But if we have a maximum number of connections, the browsers will fail to get some parts and the website will be shown partially and some parts/images/frames will not be shown. So, can we limit maximum number of persist connections? I think this policy will works: Specify Maximum number of connections that is alive for 10 seconds But Number of simultaneous connections for every IP is unlimited But how can we implement this policy when Squid? With which config? UPDATE: artifex and Tom Newton offered using a bandwidth-limiting approach to fight against downloaders. But bandwidth-limiting in Squid has a shortcoming: It's static and cannot dynamically change. So a person has a limited bandwidth not matter how many people are using internet (maybe nobody!) Also, this solution cannot help to stop people from downloading. They still can download but in a lower speed. But if we find a way to terminate persist connections (or any connection that is alive more than a specific time), downloading big files will be almost impossible (always there is some way!)

  Read the article

• Connecting 2 different subnet masks

  - by Jonathan

  I'm no network genius, but I have managed to get most things running. I get confused about subnets and gateways though. We have an office server connected to around 20 PC's that all communicate fine. We have just gotten a cutting machine that won't connect to our network. The server has DHCP, but that fails on the cutting machine, so I've been trying to set the IP manually. Server details are as follows: IP: 10.1.1.12 SUBNET: 255.255.255.0 GATEWAY: 10.1.1.1 Internet connection is via the modem which is 10.1.1.1 An office PC is ussually set up through DHCP and has the following settings: IP: 10.1.1.36 SUBNET: 255.255.255.0 GATEWAY: 10.1.1.1 PRIMARY DNS: 10.1.1.12 Cutting Machine computer has 2 network ports. 1 is specifically for the communication between the PC and the cutting machine. It's details must be as follows: IP: 10.100.100.2 SUBNET: 255.255.255.252 GATEWAY: BLANK The other network port need to connect to the server. I was told that the IP and SUBNET need to be as follows: IP: 10.100.100.1 SUBNET: 255.255.255.252 GATEWAY: ?? How can I connect this port to the server and/or the internet. If anyone can offer assistance, it would really be appreaciated.

  Read the article

• Network card very slow, only on Windows

  - by J Penguin

  This only happens to 1 of my machine, and only when booting into Windows 7. No matter what network card I put in, Windows would default its mode to 10Mbps full duplex. Transfer speed is approximately 1 MB/s. If I set it to 100Mbps, the transfer drops to 100-200K/s. If I set it to 1000Mbps, the connection is lost completely. I've tried swapping in different cards, both PCI-E and PCI. I'v etried update the windows, I've tried reinstalling the drivers... On this very same machine, if I boot into Fedora, it can use the card at its full capacity 1000Mbps transfering 80+ MB/s And all the cards work just fine when plugging into other machines on the same network. I'm very curious. What could be the reason for this? The only different software that this machine has is virtual box with a VPN emulator, but disabling that VPN doesn't seem to do anything. I would like to get this fixed, hopefully, without reinstalling windows _< Will that be possible?

  Read the article

• Is iptable capable of this or should I go with mod_proxy?

  - by Jesper

  I'm trying to configure my network to receive an incoming connection on one device and then redirect it to another device on a specific port. Right now I'm on about port 80 and a device running apache. The problem I'm facing is that when the forwarding is done it also sets the source ip to the first device instead of the source ip the user that connects to the service has. Let me illustrate it: [Internet User] = 7.7.7.7 connects to [Device 1] = 1.1.1.1:80 [Device 1] forwards it to [Device 2] = 1.1.1.2:80 [Device 2] outputs response that [Internet User] sees So on [Device 2] I will naturally see [Device 1]s IP in the logs, but I wanna see if there is a way to connect the internet user through [Device 1] to [Device 2] while seeing the real source IP in the logs on [Device 2]. Is that possible? My rule-set looks like this at the moment: (on Device 1) iptables -P FORWARD ACCEPT iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 80 --to-destination 1.1.1.2:80 iptables -t nat -I POSTROUTING -j SNAT -p tcp -d 1.1.1.2 --to-source 1.1.1.1 On [Device 2] it accepts all incoming on port 80 from [Device 1] as well as accepts all related and established connections. So, would there be any way to get the real source onto [Device 2]? Let me know if you need more information!

  Read the article

• Hyper-V VM Lab + RRAS + RDP

  - by Dennis Evans

  My background is primarily .NET Development with some System Administration skills. I'm trying to set up a VM Lab for me to test System Applications I'm developing but I've only ever done System Administration in already set up environments; I've never set up my own. My current setup: Server 2008 R2 Hyper-V Host on physical machine (only role enabled) with two NICs. First NIC dedicated for Management w/ DHCP address from company's network. Second NIC dedicated to RRAS VM w/ DHCP address from company's network. RRAS VM has two NICS, one is virtual private internal only NIC w/ static entry. The other is the physical NIC mentioned above. I've joined it to my VMLab.net internal domain. My Active Directory Domain Controller server (ADCT) also runs DNS, DHCP, and Certificate Services which I'm familiar with but don't understand completely. RRAS is already set up with NAT to provide the private internal network with Internet access. What I would like to do is be able to RDP into the servers/computers on the VMLab.net domain from my computer. Do I need to add the Remote Desktop Services role and enable the Remote Desktop Gateway service on RRAS in order to do this or is there a way to set up port forwarding on RRAS to just allow a direct connection to the internal servers...or both? What would the best practices be here? Network Diagram http://i.stack.imgur.com/4qfnk.png

  Read the article

• nginx and proxy_hide_header

  - by giskard

  When I curl for a URL I get this answer back: > < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Date: Thu, 04 Mar 2010 12:18:27 GMT < Content-Type: application/json < Connection: close < Expires: Thu, 04 Mar 2010 12:18:27 UTC < http.context.path: /1/ < jersey.response: com.sun.jersey.spi.container.ContainerResponse@17646d60 < http.custom.headers: {Content-Type=text/plain} < http.request.path: /2/messages/latest.json < http.status: 200 < Transfer-Encoding: chunked I want to remove < http.context.path: /1/ < jersey.response: com.sun.jersey.spi.container.ContainerResponse@17646d60 < http.custom.headers: {Content-Type=text/plain} < http.request.path: /2/messages/latest.json < http.status: 200 So I used the proxy_hide_header directive in this way: location / { if ($arg_id) { proxy_pass http..authorized; break; } proxy_pass http..anonymous; proxy_hide_header http.context.path; proxy_hide_header jersey.response; proxy_hide_header http.request.path; proxy_hide_header http.status ; } But it doesn't work. any clues?

  Read the article

• IP-dependent local port-forwarding on Linux

  - by chronos

  I have configured my server's sshd to listen on a non-standard port 42. However, at work I am behind a firewall/proxy, which only allow outgoing connections to ports 21, 22, 80 and 443. Consequently, I cannot ssh to my server from work, which is bad. I do not want to return sshd to port 22. The idea is this: on my server, locally forward port 22 to port 42 if source IP is matching the external IP of my work's network. For clarity, let us assume that my server's IP is 169.1.1.1 (on eth1), and my work external IP is 169.250.250.250. For all IPs different from 169.250.250.250, my server should respond with an expected 'connection refused', as it does for a non-listening port. I'm very new to iptables. I have briefly looked through the long iptables manual and these related / relevant questions: http://serverfault.com/questions/57872/iptables-question-forwarding-port-x-to-an-ssh-port-of-different-machine-on-the-n http://serverfault.com/questions/140622/how-can-i-port-forward-with-iptables However, those questions deal with more complicated several-host scenarios, and it is not clear to me which tables and chains I should use for local port-forwarding, and if I should have 2 rules (for "question" and "answer" packets), or only 1 rule for "question" packets. So far I have only enabled forwarding via sysctl. I will start testing solutions tomorrow, and will appreciate pointers or maybe case-specific examples for implementing my simple scenario. Is the draft solution below correct? iptables -A INPUT [-m state] [-i eth1] --source 169.250.250.250 -p tcp --destination 169.1.1.1:42 --dport 22 --state NEW,ESTABLISHED,RELATED -j ACCEPT Should I use the mangle table instead of filter? And/or FORWARD chain instead of INPUT?

  Read the article

• Grant HTTP access based on unix user group

  - by Sander Marechal

  Is it possible to grant network access or HTTP access based on a user's group? At my company we want to set up an internal composer server using Satis to manage packages for the projects we write (e.g. on repository.mycompany.com), with the packages themselves in our SVN server (svn.mycompany.com). We have several webservers with many different users on them. Some users should be able to reach the composer and SVN server. Some should not. Users that should be able to reach these servers all belong to the same group. How can I set up Apache on the Composer and SVN server to only grant access to those users in that group? Alternatively, can I set up the webservers in such a way that only users from that group are able to make a connection to our Composer and SVN servers? The best thing we have come up with so far is using SSL client certificates. We simply place a client certificate on all servers which can be used to access Composer and SVN. Only the right usergroup will have read access to the certificate. A bit clunky but it may work. But I'm looking for something better.

  Read the article

• HTTPS and Certification for dummies

  - by Poxy

  I had never used https on a site and now want to try it. I did some research, but not sure that I understood everything. Answers and corrections are greatly appreciated. Here we go: To use https I need to generate ‘private’ and ‘public’ keys for the web server I use. In my case it’s apache (manual: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html) Https protocol should be bind to port 443. Q: How to do it? Is it done by default? Where can I check configuration? Aplying https. Q: If I see https in browser does it mean that the data traffic on the page IS encrypted? Any form on the page would submit data via https? Though all the data gonna be encrypted, the browsers would still show ugly red messages. This is just because they do not know anything about my certificate. They have about a hundred certificates pre-installed but mine is not one of them, obviously. But the data IS encrypted by https. If I want browsers to recognize my certificate, I would need to have it signed by one of the certification authorities (ca) that has its certificate pre-installed (e.g. thawte, geotrust, rapidssl etc). UPD: To reed about ssl/tsl: The First Few Milliseconds of an HTTPS Connection, I found it very informative. Examples for PHP (openssl.org) of how to make use of ssl/tsl on the server side are published here.

  Read the article

• Limit copssh users to home directory Windows 7

  - by Siriss

  Hello all- I have found these two sites below: CopSSH SFTP -- limit users access to their home directory only and http://blogs.windowsnetworking.com/wnadmin/2006/11/07/copssh-restricting-users-access/ as well as the Copssh website, but upon completion they do not seem to work. I have copssh installed and I have a separate Windows account "sftpuser" created that is used to connect. The connection works just fine, but I want to limit that user to just their home directory and sub folders. I have 3 hard drives, the C:, a W: and an S: and I want the FTP account to only be able to access the W: drive and its contents (the root of the W: drive is the FTP home directory). Right now "sftpuser" can access all folders, including jump drives to C:, and S:. The linked tutorials do not seem to work, because it seems when I create a group "ftpusersgroup" and add "sftpuser" to the group, and then deny "ftpusersgroup" access to the C: drive, the service breaks and I can no longer login. I have undone everything and am ready to start fresh. Does anyone know how to do this, or is there a better tutorial that someone has or has found? I hope this makes sense. Thank you very much for any help!

  Read the article

• netstat on fresh install of Solaris 10 update 9

  - by cjavapro

  I am attempting to decipher the below output bash-3.00$ netstat -a UDP: IPv4 Local Address Remote Address State -------------------- -------------------- ---------- *.sunrpc Idle *.* Unbound *.32771 Idle TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ----------- *.* *.* 0 0 49152 0 IDLE *.sunrpc *.* 0 0 49152 0 LISTEN *.* *.* 0 0 49152 0 IDLE localhost.5987 *.* 0 0 49152 0 LISTEN localhost.898 *.* 0 0 49152 0 LISTEN localhost.32771 *.* 0 0 49152 0 LISTEN localhost.5988 *.* 0 0 49152 0 LISTEN localhost.32772 *.* 0 0 49152 0 LISTEN *.ssh *.* 0 0 49152 0 LISTEN *.32785 *.* 0 0 49152 0 BOUND localhost.6788 *.* 0 0 49152 0 LISTEN localhost.6789 *.* 0 0 49152 0 LISTEN localhost.32782 *.* 0 0 49152 0 LISTEN localhost.smtp *.* 0 0 49152 0 LISTEN localhost.submission *.* 0 0 49152 0 LISTEN server-host-name.ssh pc-host-name.51269 64868 51 49640 0 ESTABLISHED TCP: IPv6 Local Address Remote Address Swind Send-Q Rwind Recv-Q State If --------------------------------- --------------------------------- ----- ------ ----- ------ ----------- ----- *.* *.* 0 0 49152 0 IDLE *.ssh *.* 0 0 49152 0 LISTEN SCTP: Local Address Remote Address Swind Send-Q Rwind Recv-Q StrsI/O State ------------------------------- ------------------------------- ------ ------ ------ ------ ------- ----------- 0.0.0.0 0.0.0.0 0 0 102400 0 32/32 CLOSED Active UNIX domain sockets Address Type Vnode Conn Local Addr Remote Addr ffffffff84e25ab8 stream-ord ffffffff8569c740 00000000 /var/run/.inetd.uds bash-3.00$ It looks to me like we have the following items UDP IPv4 Open ports sunrpc, 32771 Question 1: What is *.* Unbound? TCP IPv4 Open ports sunrpc, ssh 10 ports open only for localhost The open ssh connection from my PC Question 2: What is *.32785 *.* 0 0 49152 0 BOUND? Question 3: What is *.* *.* 0 0 49152 0 IDLE? (shows up twice) IPv6 Open port ssh Question 3: What is *.* *.* 0 0 49152 0 IDLE? Question 4: What is SCTP? Question 5: What is Active UNIX domain sockets

  Read the article

• When would a persistent route not be an active route?

  - by alnorth29

  I've added a persistent route to our Windows Server 2003 box using "route -p add". After a reboot the "route print" gave this: Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.91.131.1 10.91.131.9 20 10.88.0.0 255.255.255.252 10.88.0.1 10.88.0.1 30 10.88.0.1 255.255.255.255 127.0.0.1 127.0.0.1 30 10.91.131.0 255.255.255.0 10.91.131.9 10.91.131.9 20 10.91.131.9 255.255.255.255 127.0.0.1 127.0.0.1 20 10.255.255.255 255.255.255.255 10.88.0.1 10.88.0.1 30 10.255.255.255 255.255.255.255 10.91.131.9 10.91.131.9 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 224.0.0.0 240.0.0.0 10.88.0.1 10.88.0.1 30 224.0.0.0 240.0.0.0 10.91.131.9 10.91.131.9 20 255.255.255.255 255.255.255.255 10.88.0.1 10.88.0.1 1 255.255.255.255 255.255.255.255 10.91.131.9 10.91.131.9 1 Default Gateway: 10.91.131.1 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 10.88.0.0 255.255.255.0 10.88.0.2 1 The route I added is listed as a persistent route, but not an active one. Why might this be the case? The route in question is for an OpenVPN connection, would that have anything to do with it?

  Read the article

• Is .htaccess slowing down my dedicated server?

  - by David Robles

  First of all, I consider myself more a programmer than a servers guy. I have a website where I receive about 3,000 visits per day, which I think is a lot less than the max capacity for a dedicated server. However, I've noticed that the connection to the website is pretty slow, e.g., to load images, to connect to it via SSH, etc. I configured .httaccess recently to avoid hotlinking to images in my server (i.e. .jpg, .gif and .png), and I was wondering if that could be slowing down my website. This is the configuration that I have: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.google.com/ [R,NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress I found some code to do that in google, and I just copied to .htacces since I'm not an expert in apache. It works, but I don't know if that is the best way to do it. How can I see if that is the reason why the server is slow? Are there any tools to monitor it? What would you do guys? Thanks in advance!

  Read the article

• Can't connect remotely to Windows Server 2008 R2

  - by JohnyD

  I have a new Dell R710 server running Windows Server 2008 R2. I one of it's 4 nic's set up and the rest are not being used. I have successfully given it an ip address, network mask, and dns servers. I can ping and resolve this machine from anywhere else in the network. However, when I try to connect to it via RDP it does several things: 1) it might just outright refuse me with the message, "This computer can't connect to the remote computer. Try connecting again." 2) it might connect me and let me chose the account I would like to log on as... but when you select an account then you receive the same message as in #1 3) it might actually allow you to connect but only for about 1 minute and then you receive the same message and it closes your session. I have configured the firewall service to allow for RDP over the domain network connection. This didn't have any noticible effect. I have now disabled the firewall for all 3 networks and have even stopped the Windows Firewall service. I am still having the same issue. I am new to Server 2008 R2 and things are very different. Please give me any advice you can on how to resolve this issue and/or any other gotchas that are sure to come my way. The 2003 - 2008 learning curve seems steep. Thanks

  Read the article

< Previous Page | 630 631 632 633 634 635 636 637 638 639 640 641  | Next Page >